https://www.bleepingcomputer.com/ne...rporate-cyberattack-to-russian-state-hackers/
TeamViewer says they believe their internal corporate network, not their production environment, was breached on Wednesday, June 26, using an employee's credentials.
"Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place," continues TeamViewer's statement.
"This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our 'defense in-depth' approach."
While this is reassuring to TeamViewer customers, it is common in incidents like this for more information to come out later as the investigation progresses. This is especially true for a threat actor as advanced as Midnight Blizzard.
Therefore, it is recommended that all TeamViewer customers enable multi-factor authentication, set up an allow and block list so only authorized users can make connections, and monitor their network connections and TeamViewer logs.
TeamViewer says they believe their internal corporate network, not their production environment, was breached on Wednesday, June 26, using an employee's credentials.
"Following best-practice architecture, we have a strong segregation of the Corporate IT, the production environment, and the TeamViewer connectivity platform in place," continues TeamViewer's statement.
"This means we keep all servers, networks, and accounts strictly separate to help prevent unauthorized access and lateral movement between the different environments. This segregation is one of multiple layers of protection in our 'defense in-depth' approach."
While this is reassuring to TeamViewer customers, it is common in incidents like this for more information to come out later as the investigation progresses. This is especially true for a threat actor as advanced as Midnight Blizzard.
Therefore, it is recommended that all TeamViewer customers enable multi-factor authentication, set up an allow and block list so only authorized users can make connections, and monitor their network connections and TeamViewer logs.